Author: crypto-recovery

Update: June 16, 2018: We are waiving the $50 setup fee for all clients that sign a contract with us in the remaining 2 weeks of June, 2018.

We are changing our pricing model beginning Monday, March 12, 2018.

Until now, we have only charged our clients a percentage of funds recovered. So, if a client had lost access to a wallet that contained 1 Bitcoin, we would charge them nothing until and unless we had recovered access to their funds. At that point, we charged 20% of the funds recovered.

That model can work well, but it has some flaws, both for us as a company and for our clients.

Disadvantages for us as a Company:

Before we get to the point of decrypting wallets we spend a lot of time working with clients that often are not serious about recovering their funds.

More then 30% of the wallets that we have recovered have been empty, or had less than the equivalent of USD $50 in them when we recovered them.

We have spent dozens of hours researching complicated client issues, only to have the client decide not to pursue recovery.

Disadvantages for our Clients:

Half of the people that contact us have crypto recovery issues that don’t offer a clear path to the recovery of funds. We have not been able to afford to service those clients.

Some clients with larger wallets balk at a 20% recovery fee.

Many clients have asked for phone consultations, which have not made financial sense under the old model.

To address these different concerns, we have decided to implement a new pricing model. Beginning Monday, March 12, we are going to charge all clients a USD $50 up-front fee. That fee will include:

An initial consultation by phone, and follow-up conversations by email.

We will thoroughly discuss your options for recovering your funds, include the use of recovery phrases, password managers and brute force decrypting your password.

We will help you identify likely password guesses.

If you choose to pursue brute force decrypting of your password, and we can get both a viable wallet backup and password guesses, we will test at least 1 million password variations.

In acknowledgement that the $50 fee reduces our risk in getting paid, we are reducing our fee from funds recovered from 20% to 17.5%. In addition, we will apply the initial $50 charge towards our fee.

So, to take our initial example of a client that had lost their password to a wallet that contained 1 Bitcoin, under the old model we would have charged 20% of the funds recovered, or .2 BTC. Under the new model we would charge $50 up-front, plus .175 BTC when the funds are recovered.

While it sounds complicated a Cross Chain Transaction (also known as a cross chain deposit) is both simple to understand and, unfortunately, a simple mistake to make.

A cross chain deposit is when you accidentally send one type of coin (such as Bitcoin) to a different type of coin’s address (such as Bitcoin Cash). This often happens when sending funds between different ERC20 tokens or when a hard fork results in two crypto assets having the same format for their addresses. Cross change transactions often happen between Bitcoin and Bitcoin Cash, as well as Ethereum and Ethereum Classic.

Imagine that Susan has two Bitcoin wallets: one that she uses to exchange US dollars to Bitcoin (we’ll call that the “Exchange Wallet”), and one that she uses to store the Bitcoin that she owns (we’ll call that the “Hodl Wallet”).

One day she decides to move 1 Bitcoin from her Exchange Wallet to her Hodl Wallet. She starts at the Hodl Wallet and intends to request a Bitcoin address — except that she requests a Bitcoin Cash address by mistake. She then sends 1 Bitcoin from her Exchange Wallet to a Bitcoin Cash address.

Bitcoin miners record that Susan’s Bitcoin left her Exchange Wallet. If Susan checks the balance of her Exchange Wallet it will have decreased by 1 Bitcoin.

Bitcoin Cash miners record the deposit on the Bitcoin Cash public ledger. If Susan checks the balance at the (Bitcoin Cash) receiving address, she will see that 1 Bitcoin Cash has been sent to that address. But, since she doesn’t have a Bitcoin Cash wallet, she no longer controls the funds!

The Hodl Wallet shows that no deposit was sent.

New Address format for Bitcoin Cash

As of late January, 2018, many wallets and exchanges have begun to implement a new address for Bitcoin Cash which makes it harder to make a cross chain transaction. The new format is called CashAddr, and its formal specification is here.

Who is Responsible for Recovering Cross Chain Transactions?

This is where things get complicated. First, the person or organization that holds the private keys at the receiving address is the only entity that can help.

Second, if the receiving address was at an exchange (ex: Bittrex, Coinbase, Kraken) then your only hope is that the exchange will recover those funds for you. That’s because exchanges typically control the private keys for the receiving addresses, and those same keys may control funds for many different accounts. Each exchange has their own policies about if and how they will recover cross chain deposits. It’s common that (at this point in time) they simply won’t recover small transactions, and they often charge fees.

Polite persistence is probably your best friend for getting help from exchanges for small cross chain deposits.

We can also help you recover these funds, as long as you control the private key for the receiving address. Please contact us if you’d like more information.

What If I Don’t Control the Private Key of the Receiving Wallet?

One of our readers recently wrote to explain that they had mistakenly sent Bitcoin Cash from one exchange (Binance) to a Bitcoin address at another exchange (Coinbase). They explained that Coinbase told them that the funds were lost.

Coinbase is the entity that controls the private key of the receiving wallet, so only Coinbase has the technical ability to recover this mistaken deposit. Here was my advice:

If you think about this from Coinbase’s perspective, they see bitcoin cash sent from one wallet to a Bitcoin address that they control the private key for. They don’t know who should control those bitcoin cash coins. The fact that you know the details of the transaction is suggestive that you are the rightful owner, but the funds were sent from a wallet whose private key you don’t control, so you can’t prove that you are the rightful owner. What if they sent the coins to you, but it turns out that you simply saw the transaction on the blockchain, and then claimed to be the owner? Now, they have opened themselves up to liability.

The best case scenario is that they will return the coins at some point in the future to the Binance wallet from which they were sent. So, if I were you I would:

Contact Coinbase using the account that you attempted to send the coins to. Make sure that you have provided them with as much identity documentation as they will accept. (You want them to be confident that they know who you are).

Stay extremely polite and persistent. Contact them once a month, and ask for an update on the situation. Don’t give up.

Simultaneously, contact Binance, and explain the error. Make sure that you have provided as much documentation of your identity to them as possible.
Ask them what will happen if Coinbase reverses the transaction. (You want to get it in writing that they will return the funds to you, since the funds would probably be returned to a wallet that is shared between you and many other users).

Ask them to contact Coinbase about the transaction and request that Coinbase work with them to reverse it. They will probably have an easier time getting a meaningful response from Coinbase than you would.

Stay persistent and positive. Don’t get angry at the people from either company.

My guess is that over the next year or two companies will return mistaken cross chain deposits. My guess is that the courts (at least for companies based in the US) will require that they do it. (I’m not a lawyer, but I think any reasonable person looking at the situation would say: the funds ought to be returned to the wallets from which they originated.) You need to make sure that you don’t lose access to your accounts, and that you make it really clear to everyone involved that you are the rightful owner, and that you expect them to do the right thing.

Google shows tens of thousands of results for the query “lost myetherwallet password”. While not all of those results represent a person that has lost access to their Ethereum or tokens, many do. In this article we’re going to lay out a process for recovering access to your wallet. This process won’t work 100% of the time, but at the least you’ll know that you have exhausted all possibilities.

An Introduction to MyEtherWallet

First, let’s just talk briefly about MyEtherWallet.com (MEW). Although you can access the site over the web, it is not an online wallet. That is, you are not creating an account on MyEtherWallet.com — you are simply using tools published by MEW to create and manage a private key, so that you can interact with the Ethereum blockchain.

One implication of this is that your private key is not stored by MyEtherWallet.com, and there’s no account on that website that you can log into, and no set of customer support folks that can change your password to your private key if you lose it.

The Simplest Way to Recover your Wallet

If you saved your 12 word mnemonic phrase when you created your MEW wallet, you can recover the wallet at any point by using that phrase.

Go to MyEtherWallet.com

Click “Send Ether & Tokens” in the toolbar at the top

Select “Mnemonic Phrase” as the answer to the question: How would you like to access your wallet?

Enter your 12 word phrase

However, if you have gone through the trouble of finding this article it is unlikely that you have your 12 word recovery phrase available. So, let’s pull together the resources you need to recover your wallet without the recovery phrase.

Find your Keystore File

The first step in recovering access to your wallet is to locate your Keystore file. The Keystore file is essentially a copy of your Ethereum private key that has been encrypted with the password that you chose when you created a new wallet using MEW.

After you created that wallet, MEW encouraged you to download your Keystore file and save it to a safe location.

The Keystore file is written in a format known as JSON, and so you’ll occasionally see people refer to this as their MEW JSON file.

By default, MEW uses the following naming conventions for the Keystore file:

UTC–YYYY-MM-DDTHH-MM-SS.[46 character string]

Here’s an example of a Keystore file that was created on Feb 9, 2018:

UTC–2018-02-09T15-50-38.056Z–6c1d075eb115676ad5a9e96cc32f80d13a5a6dd5

A JSON file is just a human- and machine-readable text file that contains a series of keys and values. Here’s an example of the data stored within the Keystore file:

Generally speaking, you should be able to locate Keystore files on your hard drive by searching for filenames that begin with “UTC-“.

If you find one Keystore file, and the dates in the filename match the timeframe when you created your wallet, you’ve probably found the file you’re looking for. Congratulations! You’re ready to move on to figuring out your password.

If you find multiple Keystore files, you can use the process mentioned below to weed out the files whose password you know, leaving you with the Keystore file whose password you don’t know.

If you don’t find any Keystore files, there are a couple of possibilities:

Did you use a different computer to create your MEW wallet? If so your Keystore file may be stored on that computer.

Might you have an automated backup that might include your Keystore file?

How to Find the Correct Password

Now that you have located your Keystore file you can begin to test passwords against it.

The first step is to create a list of passwords that you think might be the right password.

Many people keep their cryptocurrency passwords under lock and key. Check your safe (if you have one) and see if you have your password written down.

You may have just a few passwords that you use for everything. While this is not optimal for security, it may make the process of finding your wallet password simple.

You may want to look at your password manager, whether it is the one integrated into your web browser or a 3rd party password manager, like LastPass.com.

No matter how and where you store your passwords, pull together your best guesses as to the password you might have used.

How to Check a Password Against your Keystore File

Note: MyEtherWallet.com does not need to be connected to the internet to test passwords against a Keystore file. All of the functionality occurs within your browser. So, in just a minute we’re going to recommend that you disconnect wifi (and/or your network cable) so that it’s harder for anyone to snoop on your password attempts.

Open your web browser and go to: MyEtherWallet.com

Click “Send Ether & Tokens”

Select “Keystore / JSON File” as the answer to the question: How would you like to access your wallet?

Use the “Select Wallet File” button to navigate and load your Keystore file

MEW will now display a message that says: “Your wallet is encrypted. Good! Please enter the password.”

Disconnect your wifi or wired connection to the internet at this time to improve your security.

Enter your first password guess and click the “Unlock” button.

If you see a message that says: “(error_07) Please enter a valid password. Error: Key derivation failed – possibly wrong passphrase” then you’ll know that this password guess is not correct. Go back to the first step and repeat with your next password guess.

If you have the right password you’ll be taken to a page that allows you to enter a receiving address for the cryptocurrency you want to send. This is the correct password!

If you try all your password guesses and you have not found the correct password, don’t despair. Now is when you start trying different combinations, mis-spellings, typos, etc.

We also provide a password recovery service, and we would be happy to take your Keystore file along with your password guesses and run millions of variations to find your password. Contact us if you’d like more information.

I created a Bitcoin account back in 2014, but I’m not sure where my wallet is. Can you help me find it?

In general, we can’t find it for you. We would need access to too many of your accounts (email, dropbox, etc) and possibly your computers themselves.

But, that said, with a little legwork there’s a good chance you can find the account yourself. Then, if you still need help recovering your password, contact us.

How do you figure out what service you used to create your bitcoin wallet?

As you might guess, tracking down a service that you used three or four years ago has the potential to be complicated. However, there are a couple of easy steps that you should take first. If you’re lucky, one of these will work.

If these don’t work, keep reading.

Blockchain.info

Blockchain.info has historically been the most popular wallet provider, so if you have no idea what service you might have used this is a good place to start. Here are two quick ways to check whether you created an account on Blockchain:

Search your email for a message with the subject line: Welcome to My Wallet. If you find such a message, then you created an account on Blockchain, and your Wallet ID will be included in the email.

It’s possible, but unlikely that your wallet id will be displayed in the “Wallet ID” field of the login form

Click on “View Options” in the lower right-hand corner of the login form

Look for the option that says “I’ve lost my Wallet ID: Email me a reminder with my Wallet ID to my email address”

Click “Remind Me” next to that option

Enter the email address you used to create the wallet, fill out the “captcha” and submit the form

If you correctly identified the email address that you used to create your wallet, then Blockchain.info should email you the Wallet ID within a few minutes.

If those two steps didn’t work, there are two possibilities:

You used a different email address than the one you checked, in which case you can run the same tests on those other email addresses.

You used a different wallet.

Take a Few Minutes to Get Organized

If those first, simplest checks didn’t work then it’s probably worth taking a few minutes to get organized. Here is the initial research that we recommend:

Get a good estimate of when you acquired the missing cryptocurrency.

Might the purchase be mentioned on a bank or credit card statement?

Create a list of all the email addresses you might have used during that time, and see if you can get access to those email accounts

Do you have a place (ex: a safe or a safe deposit box) where you might have stored printouts with passwords, paper wallets, security codes, etc? Check to see what backup information you might have.

Think through the physical computers that you might have used. Which of those do you still have access to?

Start with Email

Many online wallets and exchanges will send a welcome email when you first register an account.

First, figure out which email accounts you might have used to create the wallet.

Next, go through each of those email accounts and search for “Welcome” emails from the following services:

The following services have been reported to be defunct. If your coin was stored on one of these services it is most likely lost, as they all appear to have shut down after suffering from crippling thefts:

The following wallets can be considered at least partially “online” wallets, although many have mobile and /or desktop versions too:

Bitcoin.com (launched mid-2017)

BitGo.com (launched 2015)

Bittrex.com (launched in Feb. 2014)

Bixin.com

Blockchain.info (launched in Aug. 2011)

BTC.com

Coinbase.com (launched in Oct. 2012)

Copay (launched in Oct. 2016)

Cryptonator (launched in 2014)

Green Address (launched in April 2014)

Jaxx (launched in 2014)

Kraken.com (launched in July 2011)

Mycelium (launched in Sep 2013)

Multibit

Xapo (launched to the public in March 2014)

The following are desktop and mobile-only wallets:

Airbitz.co (launched in Oct. 2014)

Armory (launched Jan. 2012)

Bitcoin Core

Bitcoin Knots

Bither.net

Bread Wallet (launched in 2014)

Circle

Coinomi

Coins.ph (launched in 2014)

Electrum (launched Nov 2011)

Exodus (launched in July 2016)

The following are Paper Wallets:

BitAddress

BitcoinPaperWallet.com

Search your Hard Drive

Are you still using the same computer that you used at the time you created the wallet? If so, it’s possible that you saved a backup of the wallet to your computer.

Here are some typical filenames / extensions for wallet backups:

address.db

mbhd.wallet.aes

*.vault

*.wallet

wallet.dat

wallet.aes.json

wallets

Did you have a Dropbox Account?

Might you have backed up your wallet to your Dropbox account? You can try searching for the aforementioned filenames / extensions on Dropbox.com.

Backups

There are many ways to back up your hard drive.

Macs:

Time Machine is a standard Mac application that you can configure to take “snap shots” of your hard drive. Do you have a Time Machine snap shot from the time you created your account?

Apple sells an external hard drive called a Time Capsule — did you use this to backup your hard drive?

There are many services, like Backblaze.com that will remotely back up your hard drive.

Check your Browser

There are at least two options here:

First, most modern browsers give you an option to “Manage Passwords”. If you created a new account and you asked your browser to remember your username and password then you may be able to find the name of the site (and potentially your username and password) in your browser’s password manager.

Second, if you created this service recently, perhaps your browser history has stored the domain name of the service that you used.

Frequently Asked Questions

If I know the address where I received Bitcoin can I figure out what service created that address?

The answer, unfortunately, is: No

A bitcoin address is derived from your private key. Your private key is a random 256-bit number. Every wallet uses the same process to derive a bitcoin address from a private key. Therefore, there’s no way to figure out where you created a wallet based on one of its bitcoin addresses.